PC disinfection, computer speed-up, remote assistance via the neslape.cz service

win32/olmarik in memory

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that remain inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
A remote-assistance service is now available: a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
sarzwest
Guest
Posts: 18
Registered: 29 Jan 2010 10:13


#1 Post by sarzwest »

Hello, I use ESET Smart Security 4 and it reports: win32/olmarik in memory - cannot be cleaned. The system restore point does not work, so I am asking you for advice.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomba Bomba at 2010-01-30 10:19:08
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 66 GB (28%) free of 238 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:09, on 30.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Tomba Bomba\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tomba Bomba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43DD2B70-20A8-4241-8491-2400CEA19607}: NameServer = 193.179.148.42,193.85.1.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5372 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-04-21 335872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-12 149280]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Port pro program Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-04-22 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======

2010-01-30 10:19:08 ----D---- C:\rsit
2010-01-30 10:07:09 ----D---- C:\Program Files\Trend Micro
2010-01-30 09:57:16 ----D---- C:\WINDOWS\CSC
2010-01-30 09:15:26 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-30 02:24:46 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-30 01:04:58 ----HDC---- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-30 01:04:34 ----D---- C:\Program Files\Lavasoft
2010-01-30 01:04:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-01-29 14:08:30 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\U3
2010-01-29 14:01:16 ----D---- C:\Program Files\ESET
2010-01-29 13:19:20 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Printer Info Cache
2010-01-29 13:19:19 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Image Zone Express
2010-01-29 13:09:59 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\HP
2010-01-29 12:10:44 ----D---- C:\Program Files\RapidDown
2010-01-29 10:20:04 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Macromedia
2010-01-29 10:20:04 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Adobe
2010-01-29 10:12:41 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\PC Suite
2010-01-25 20:58:17 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-25 20:58:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-01-25 20:57:19 ----D---- C:\Program Files\ICQ6.5
2010-01-25 12:21:35 ----D---- C:\Program Files\LogMeIn Hamachi
2010-01-24 12:47:54 ----D---- C:\WINDOWS\Minidump
2010-01-21 20:35:18 ----SHD---- C:\WINDOWS\ftpcache
2010-01-19 22:17:44 ----D---- C:\Program Files\Hamachi
2010-01-17 21:20:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-17 21:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2010-01-17 21:19:26 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-01-17 21:19:02 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-17 21:18:55 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-01-15 21:42:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2010-01-15 21:42:07 ----D---- C:\Program Files\Sony
2010-01-15 14:49:51 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-01-12 23:10:34 ----D---- C:\WINDOWS\Sun
2010-01-12 23:09:41 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-12 23:09:41 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-12 23:09:41 ----A---- C:\WINDOWS\system32\java.exe
2010-01-12 23:09:19 ----D---- C:\Program Files\Java
2010-01-12 23:06:38 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-12 22:40:49 ----A---- C:\WINDOWS\ModemLog_Nokia N70 USB Modem.txt
2010-01-12 22:39:43 ----D---- C:\Program Files\DIFX
2010-01-12 22:39:11 ----D---- C:\Program Files\Common Files\Nokia
2010-01-12 22:38:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-01-12 22:38:50 ----D---- C:\Program Files\Common Files\PCSuite
2010-01-12 22:38:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-12 22:38:43 ----A---- C:\WINDOWS\system32\nmwcdlog.dll
2010-01-12 22:38:43 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-01-12 22:38:37 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-01-12 22:38:36 ----D---- C:\Program Files\Nokia
2010-01-12 22:38:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
2010-01-07 22:18:40 ----D---- C:\Program Files\Valve
2010-01-06 22:43:19 ----D---- C:\Program Files\MSBuild
2010-01-06 22:39:54 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-06 22:39:53 ----D---- C:\WINDOWS\system32\en-us
2010-01-06 22:39:22 ----D---- C:\Program Files\Reference Assemblies
2010-01-06 22:38:59 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-01-06 22:36:31 ----D---- C:\Program Files\The KMPlayer
2010-01-06 22:35:59 ----RSD---- C:\WINDOWS\assembly
2010-01-06 22:34:58 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-06 22:34:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-01-06 22:34:22 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-01-06 22:32:47 ----D---- C:\Program Files\Sony Setup
2010-01-06 22:27:32 ----D---- C:\Program Files\QuickTime
2010-01-06 22:27:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-06 22:26:54 ----D---- C:\Program Files\Common Files\Apple
2010-01-06 22:26:43 ----D---- C:\Program Files\Apple Software Update
2010-01-06 22:26:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-01-06 22:25:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-01-06 22:22:21 ----D---- C:\Program Files\Webteh
2010-01-06 20:40:52 ----D---- C:\Program Files\Common Files\Skype
2010-01-06 20:40:49 ----RD---- C:\Program Files\Skype
2010-01-06 20:39:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-01-04 19:45:21 ----A---- C:\WINDOWS\system32\irmon.dll
2010-01-04 19:45:20 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-01-04 19:45:20 ----A---- C:\WINDOWS\system32\irftp.exe
2010-01-04 19:30:08 ----RA---- C:\WINDOWS\system32\NmUninst.exe
2010-01-04 19:11:15 ----RA---- C:\WINDOWS\system32\ZSHP1020.EXE
2010-01-04 19:11:14 ----RA---- C:\WINDOWS\system32\ZTAG.DLL
2010-01-04 19:11:14 ----RA---- C:\WINDOWS\system32\ZSPOOL.DLL
2010-01-04 19:11:14 ----RA---- C:\WINDOWS\system32\ZLhp1020.DLL
2010-01-04 19:11:14 ----RA---- C:\WINDOWS\system32\ZIMF.DLL
2010-01-04 18:48:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\WEBREG
2010-01-04 18:45:11 ----D---- C:\Program Files\Common Files\HP
2010-01-04 18:43:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP Product Assistant
2010-01-04 18:43:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-01-04 18:43:27 ----RA---- C:\WINDOWS\system32\hp3800co.dll
2010-01-04 18:42:58 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-01-04 18:42:54 ----D---- C:\Program Files\Hewlett-Packard
2010-01-04 18:42:25 ----HD---- C:\Config.Msi
2010-01-04 18:42:14 ----D---- C:\Program Files\HP
2010-01-04 11:53:19 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-04 11:52:13 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-03 19:16:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-01-03 19:16:25 ----D---- C:\Program Files\Common Files\Adobe
2010-01-03 19:16:25 ----D---- C:\Program Files\Adobe
2010-01-03 17:32:28 ----A---- C:\WINDOWS\ODBC.INI
2010-01-03 17:32:27 ----A---- C:\WINDOWS\mdm.ini
2010-01-03 17:32:17 ----A---- C:\WINDOWS\NSREX.INI
2010-01-03 17:31:25 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Thunderbird
2010-01-03 17:30:31 ----D---- C:\Program Files\Microsoft Visual Studio
2010-01-03 17:30:27 ----D---- C:\Program Files\Common Files\Designer
2010-01-03 17:29:48 ----D---- C:\WINDOWS\system32\Viewers
2010-01-03 17:28:09 ----D---- C:\WINDOWS\ShellNew
2010-01-03 17:27:23 ----D---- C:\Program Files\Snapshot Viewer
2010-01-03 17:25:21 ----D---- C:\WINDOWS\Twain32
2010-01-03 17:25:21 ----D---- C:\Program Files\Microsoft Office
2010-01-03 17:25:21 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Microsoft Web Folders
2010-01-03 17:18:09 ----D---- C:\Program Files\PapíííClock
2010-01-03 17:16:37 ----A---- C:\WINDOWS\system32\qttask.exe
2010-01-03 17:14:39 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-03 17:14:39 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-03 17:14:39 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-03 17:14:39 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-03 17:14:34 ----D---- C:\WINDOWS\system32\QuickTime
2010-01-03 17:14:34 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2010-01-03 17:14:32 ----A---- C:\WINDOWS\mmtvmj.ini
2010-01-03 17:14:32 ----A---- C:\WINDOWS\m3jp2k.ini
2010-01-03 17:14:31 ----A---- C:\WINDOWS\m3jpeg.ini
2010-01-03 17:14:28 ----A---- C:\WINDOWS\system32\mplvpx.dll
2010-01-03 17:14:28 ----A---- C:\WINDOWS\system32\mplvm6.dll
2010-01-03 17:14:27 ----A---- C:\WINDOWS\system32\mplvw7.dll
2010-01-03 17:14:27 ----A---- C:\WINDOWS\system32\mplva6.dll
2010-01-03 17:14:27 ----A---- C:\WINDOWS\system32\mplaw7.dll
2010-01-03 17:14:27 ----A---- C:\WINDOWS\system32\mplapx.dll
2010-01-03 17:14:27 ----A---- C:\WINDOWS\system32\mplam6.dll
2010-01-03 17:14:27 ----A---- C:\WINDOWS\system32\mplaa6.dll
2010-01-03 17:14:27 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2010-01-03 17:14:26 ----A---- C:\WINDOWS\system32\unrar.dll
2010-01-03 17:14:24 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-01-03 17:13:45 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2010-01-03 16:48:13 ----SHD---- C:\RECYCLER
2010-01-03 16:39:54 ----AD---- C:\Program Files\Krtecek
2010-01-03 16:35:37 ----D---- C:\Program Files\WinRAR
2010-01-03 15:04:22 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\DAEMON Tools
2010-01-03 13:57:07 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Mozilla
2010-01-03 13:41:11 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\ESET
2010-01-03 13:39:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-01-02 19:59:38 ----D---- C:\C_
2010-01-02 19:54:40 ----D---- C:\totalcmd
2010-01-02 19:54:40 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\GHISLER
2010-01-02 19:44:16 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-01-02 19:44:13 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2010-01-02 19:43:53 ----D---- C:\Program Files\ATI Technologies
2010-01-02 19:36:56 ----D---- C:\Program Files\VIA
2010-01-02 19:36:25 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-01-02 19:36:23 ----D---- C:\Program Files\Realtek Sound Manager
2010-01-02 19:36:21 ----N---- C:\WINDOWS\avrack.ini
2010-01-02 19:36:21 ----D---- C:\Program Files\AvRack
2010-01-02 19:36:20 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2010-01-02 19:36:20 ----A---- C:\WINDOWS\system32\Audio3D.dll
2010-01-02 19:36:20 ----A---- C:\WINDOWS\system32\a3d.dll
2010-01-02 19:36:19 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2010-01-02 19:36:17 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2010-01-02 19:36:08 ----N---- C:\WINDOWS\alcupd.exe
2010-01-02 19:36:07 ----N---- C:\WINDOWS\alcrmv.exe
2010-01-02 19:35:44 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-02 19:35:44 ----D---- C:\WINDOWS\OPTIONS
2010-01-02 19:35:40 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-02 19:35:38 ----D---- C:\Program Files\Gigabyte
2010-01-02 19:34:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-02 19:34:08 ----A---- C:\WINDOWS\IsUninst.exe
2010-01-02 19:32:37 ----D---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Identities
2010-01-02 19:32:36 ----HD---- C:\Program Files\Uninstall Information
2010-01-02 19:32:30 ----ASH---- C:\Documents and Settings\Tomba Bomba\Data aplikací\desktop.ini
2010-01-02 19:32:29 ----SD---- C:\Documents and Settings\Tomba Bomba\Data aplikací\Microsoft
2010-01-02 19:30:44 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-02 19:30:43 ----SD---- C:\WINDOWS\system32\Microsoft
2010-01-02 19:30:43 ----D---- C:\WINDOWS\Prefetch
2010-01-02 19:30:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-02 19:27:43 ----D---- C:\WINDOWS\system32\xircom
2010-01-02 19:27:43 ----D---- C:\Program Files\xerox
2010-01-02 19:27:43 ----D---- C:\Program Files\microsoft frontpage
2010-01-02 19:27:29 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-02 19:27:20 ----A---- C:\WINDOWS\control.ini
2010-01-02 19:27:20 ----A---- C:\AUTOEXEC.BAT
2010-01-02 19:27:06 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-02 19:27:03 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-01-02 19:26:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-02 19:26:20 ----RD---- C:\WINDOWS\Offline Web Pages
2010-01-02 19:26:20 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-02 19:26:15 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-02 19:26:11 ----HD---- C:\Program Files\WindowsUpdate
2010-01-02 19:26:09 ----D---- C:\Program Files\Online Services
2010-01-02 19:25:57 ----D---- C:\WINDOWS\system32\DirectX
2010-01-02 19:25:40 ----A---- C:\WINDOWS\system32\atrace.dll
2010-01-02 19:25:38 ----A---- C:\WINDOWS\system32\desktop.ini
2010-01-02 19:25:38 ----A---- C:\WINDOWS\desktop.ini
2010-01-02 19:25:32 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-01-02 19:25:31 ----D---- C:\Program Files\Common Files\Services
2010-01-02 19:25:31 ----A---- C:\WINDOWS\system32\acctres.dll
2010-01-02 19:25:29 ----SD---- C:\WINDOWS\Tasks
2010-01-02 19:25:29 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-01-02 19:25:28 ----D---- C:\Program Files\Common Files\MSSoap
2010-01-02 19:25:25 ----D---- C:\WINDOWS\srchasst
2010-01-02 19:25:24 ----D---- C:\WINDOWS\system32\Macromed
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wups.dll
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-01-02 19:25:21 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-01-02 19:25:20 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-01-02 19:25:20 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-01-02 19:25:20 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-01-02 19:25:17 ----D---- C:\Program Files\Movie Maker
2010-01-02 19:25:14 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-01-02 19:25:14 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-01-02 19:25:14 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-01-02 19:25:14 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-01-02 19:25:11 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-01-02 19:25:11 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-01-02 19:25:10 ----D---- C:\WINDOWS\system32\Restore
2010-01-02 19:25:10 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-01-02 19:25:10 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-01-02 19:25:10 ----A---- C:\WINDOWS\system32\srclient.dll
2010-01-02 19:25:10 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-01-02 19:25:10 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-01-02 19:25:10 ----A---- C:\WINDOWS\system32\ils.dll
2010-01-02 19:25:09 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-01-02 19:25:09 ----A---- C:\WINDOWS\system32\msconf.dll
2010-01-02 19:25:09 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-01-02 19:25:07 ----D---- C:\Program Files\NetMeeting
2010-01-02 19:25:07 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-01-02 19:25:07 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-01-02 19:25:06 ----A---- C:\WINDOWS\system32\inetres.dll
2010-01-02 19:25:06 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-01-02 19:25:04 ----D---- C:\Program Files\Outlook Express
2010-01-02 19:25:04 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-01-02 19:25:04 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-01-02 19:25:04 ----A---- C:\WINDOWS\system32\mstask.dll
2010-01-02 19:25:04 ----A---- C:\WINDOWS\system32\isign32.dll
2010-01-02 19:25:04 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-01-02 19:25:04 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-01-02 19:25:03 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-01-02 19:24:59 ----D---- C:\Program Files\Common Files\System
2010-01-02 19:24:58 ----D---- C:\Program Files\Internet Explorer
2010-01-02 19:24:33 ----D---- C:\Program Files\ComPlus Applications
2010-01-02 19:24:31 ----A---- C:\WINDOWS\vbaddin.ini
2010-01-02 19:24:31 ----A---- C:\WINDOWS\vb.ini
2010-01-02 19:24:28 ----D---- C:\WINDOWS\Registration
2010-01-02 19:24:22 ----D---- C:\Program Files\Windows Media Player
2010-01-02 19:24:18 ----D---- C:\Program Files\Messenger
2010-01-02 19:24:15 ----D---- C:\Program Files\MSN Gaming Zone
2010-01-02 19:24:15 ----A---- C:\WINDOWS\system32\write.exe
2010-01-02 19:24:07 ----A---- C:\WINDOWS\system32\winchat.exe
2010-01-02 19:24:07 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-01-02 19:24:07 ----A---- C:\WINDOWS\system32\hticons.dll
2010-01-02 19:24:07 ----A---- C:\WINDOWS\system32\avwav.dll
2010-01-02 19:24:07 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-01-02 19:24:07 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-01-02 19:24:01 ----A---- C:\WINDOWS\system32\charmap.exe
2010-01-02 19:24:01 ----A---- C:\WINDOWS\system32\getuname.dll
2010-01-02 19:24:00 ----A---- C:\WINDOWS\system32\winmine.exe
2010-01-02 19:24:00 ----A---- C:\WINDOWS\system32\sol.exe
2010-01-02 19:24:00 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-01-02 19:24:00 ----A---- C:\WINDOWS\system32\freecell.exe
2010-01-02 19:24:00 ----A---- C:\WINDOWS\system32\calc.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\tskill.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\tscon.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\shadow.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\reset.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\regini.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\msg.exe
2010-01-02 19:23:59 ----A---- C:\WINDOWS\system32\logoff.exe
2010-01-02 19:23:58 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-01-02 19:23:58 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-01-02 19:23:58 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-01-02 19:23:58 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-01-02 19:23:58 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-01-02 19:23:58 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-01-02 19:23:57 ----A---- C:\WINDOWS\system32\stclient.dll
2010-01-02 19:23:57 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-01-02 19:23:57 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-01-02 19:23:57 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-01-02 19:23:53 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-01-02 19:23:52 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-01-02 19:23:52 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-01-02 19:23:52 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-01-02 19:23:52 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-01-02 19:23:51 ----D---- C:\Program Files\Windows NT
2010-01-02 19:23:51 ----A---- C:\WINDOWS\system32\spider.exe
2010-01-02 19:23:51 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-01-02 19:23:51 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-01-02 19:23:50 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-01-02 19:23:49 ----D---- C:\WINDOWS\system32\MsDtc
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-01-02 19:23:49 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-01-02 19:23:48 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-01-02 19:23:48 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-01-02 19:23:48 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-01-02 19:23:48 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-01-02 19:23:48 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-01-02 19:23:47 ----D---- C:\WINDOWS\system32\Com
2010-01-02 19:23:47 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-01-02 19:23:47 ----A---- C:\WINDOWS\system32\colbact.dll
2010-01-02 19:23:47 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-01-02 19:23:47 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-01-02 19:23:47 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-01-02 19:23:47 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-01-02 19:23:46 ----A---- C:\WINDOWS\system32\comuid.dll
2010-01-02 19:23:46 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-01-02 19:23:41 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-01-02 19:23:41 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-01-02 19:23:41 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-01-02 19:23:41 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-01-02 15:33:40 ----A---- C:\WINDOWS\system32\h323log.txt
2010-01-02 15:30:27 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2010-01-02 15:30:27 ----A---- C:\WINDOWS\system32\ati3duag.dll
2010-01-02 15:30:27 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2010-01-02 15:30:27 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2010-01-02 15:30:27 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2010-01-02 15:29:59 ----A---- C:\WINDOWS\system32\usbui.dll
2010-01-02 15:29:13 ----A---- C:\WINDOWS\imsins.BAK
2010-01-02 15:29:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-02 15:29:10 ----SHD---- C:\WINDOWS\Installer
2010-01-02 15:29:10 ----D---- C:\Program Files\Common Files\ODBC
2010-01-02 15:29:10 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-02 15:29:07 ----RD---- C:\Program Files
2010-01-02 15:29:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-01-02 15:29:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-02 15:29:07 ----D---- C:\Program Files\Common Files
2010-01-02 15:29:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-01-02 15:29:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-01-02 15:29:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-01-02 15:29:03 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-01-02 15:29:03 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-01-02 15:29:03 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-01-02 15:29:03 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-01-02 15:29:03 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-01-02 15:29:03 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-01-02 15:29:02 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-01-02 15:29:02 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-01-02 15:29:02 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-01-02 15:29:02 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-01-02 15:29:02 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-01-02 15:29:02 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-01-02 15:29:01 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-01-02 15:29:01 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-01-02 15:29:01 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-01-02 15:29:01 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-01-02 15:29:01 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-01-02 15:29:01 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-01-02 15:29:01 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-01-02 15:28:59 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-01-02 15:28:59 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-01-02 15:28:59 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-01-02 15:28:59 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-01-02 15:28:59 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdycl.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdsl.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdro.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdpl.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdhu.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\kbdcr.dll
2010-01-02 15:28:56 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2010-01-02 15:28:55 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-02 15:28:55 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-02 15:28:55 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-01-02 15:28:55 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-01-02 15:28:55 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-01-02 15:28:53 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-01-02 15:28:53 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-01-02 15:28:53 ----A---- C:\WINDOWS\system32\batt.dll
2010-01-02 15:28:52 ----A---- C:\WINDOWS\system32\storprop.dll
2010-01-02 15:28:52 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-01-02 15:28:45 ----RA---- C:\WINDOWS\SET25.tmp
2010-01-02 15:28:45 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-01-02 15:28:41 ----RA---- C:\WINDOWS\SET8.tmp
2010-01-02 15:28:39 ----RA---- C:\WINDOWS\SET4.tmp
2010-01-02 15:28:38 ----RA---- C:\WINDOWS\SET3.tmp
2010-01-02 15:28:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-02 15:28:32 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-02 15:28:27 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-01-02 15:28:10 ----A---- C:\WINDOWS\setuplog.txt
2010-01-02 15:28:07 ----SHD---- C:\System Volume Information
2010-01-02 15:28:07 ----D---- C:\Documents and Settings
2010-01-02 15:27:11 ----SH---- C:\boot.ini
2010-01-02 15:23:36 ----D---- C:\WINDOWS\OemDir
2010-01-02 15:23:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-02 15:23:34 ----RSD---- C:\WINDOWS\Fonts
2010-01-02 15:23:34 ----RD---- C:\WINDOWS\Web
2010-01-02 15:23:34 ----HD---- C:\WINDOWS\inf
2010-01-02 15:23:34 ----D---- C:\WINDOWS\WinSxS
2010-01-02 15:23:34 ----D---- C:\WINDOWS\twain_32
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Temp
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\wins
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\wbem
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\usmt
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\spool
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\ShellExt
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\Setup
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\ras
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\oobe
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\npp
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\mui
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\IME
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\icsxml
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\ias
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\export
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\drivers
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\dhcp
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\config
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\3com_dmi
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\3076
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\2052
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1054
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1042
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1041
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1037
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1033
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1031
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1029
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1028
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32\1025
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system32
2010-01-02 15:23:34 ----D---- C:\WINDOWS\system
2010-01-02 15:23:34 ----D---- C:\WINDOWS\security
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Resources
2010-01-02 15:23:34 ----D---- C:\WINDOWS\repair
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Provisioning
2010-01-02 15:23:34 ----D---- C:\WINDOWS\pchealth
2010-01-02 15:23:34 ----D---- C:\WINDOWS\PeerNet
2010-01-02 15:23:34 ----D---- C:\WINDOWS\mui
2010-01-02 15:23:34 ----D---- C:\WINDOWS\msapps
2010-01-02 15:23:34 ----D---- C:\WINDOWS\msagent
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Media
2010-01-02 15:23:34 ----D---- C:\WINDOWS\java
2010-01-02 15:23:34 ----D---- C:\WINDOWS\ime
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Help
2010-01-02 15:23:34 ----D---- C:\WINDOWS\ehome
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Driver Cache
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Debug
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Cursors
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Connection Wizard
2010-01-02 15:23:34 ----D---- C:\WINDOWS\Config
2010-01-02 15:23:34 ----D---- C:\WINDOWS\AppPatch
2010-01-02 15:23:34 ----D---- C:\WINDOWS\addins
2010-01-02 15:23:34 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-01-03 17:31:50 ----A---- C:\WINDOWS\win.ini
2010-01-03 17:16:40 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-04-22 729088]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2004-08-17 63744]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-04-22 397312]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-12 153376]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-04-21 516096]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-30 1181328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in operating memory

#2 Post by sarzwest »

It doesn't report anything other than what I wrote in the first post, namely: Operating memory - Win32/Olmarik trojan horse - cannot be cleaned

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in operating memory

#3 Post by sarzwest »

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.8.386.588
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtOpenProcess
Actual Address 0x81928CB0
Hooked by: Unknown module filename
NtOpenThread
Actual Address 0x819290D0
Hooked by: Unknown module filename
NtSuspendProcess
Actual Address 0x819296D0
Hooked by: Unknown module filename
NtSuspendThread
Actual Address 0x819294F0
Hooked by: Unknown module filename
NtTerminateProcess
Actual Address 0x81928EE0
Hooked by: Unknown module filename
NtTerminateThread
Actual Address 0x81929310
Hooked by: Unknown module filename
==============================================
>Shadow
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x823CA7C0

Process: C:\Program Files\VIA\RAID\raid_tool.exe
Process Id: 140
EPROCESS Address: 0x82099020

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 216
EPROCESS Address: 0x820C9DA0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 460
EPROCESS Address: 0x821616E0

Process: C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Process Id: 468
EPROCESS Address: 0x81F9A338

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 528
EPROCESS Address: 0x821D9C08

Process: C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
Process Id: 624
EPROCESS Address: 0x82038DA0

Process: C:\Program Files\ICQ6Toolbar\ICQ Service.exe
Process Id: 668
EPROCESS Address: 0x81FBBDA0

Process: C:\Program Files\Java\jre6\bin\jqs.exe
Process Id: 692
EPROCESS Address: 0x81FC3510

Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 784
EPROCESS Address: 0x81FE1238

Process: C:\WINDOWS\system32\wscntfy.exe
Process Id: 884
EPROCESS Address: 0x815D5B88

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 952
EPROCESS Address: 0x821B3DA0

Process: C:\WINDOWS\system32\smss.exe
Process Id: 1024
EPROCESS Address: 0x81DDF678

Process: C:\WINDOWS\system32\csrss.exe
Process Id: 1144
EPROCESS Address: 0x81DC1770

Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 1168
EPROCESS Address: 0x821C1908

Process: C:\WINDOWS\system32\services.exe
Process Id: 1212
EPROCESS Address: 0x81D53770

Process: C:\WINDOWS\system32\lsass.exe
Process Id: 1224
EPROCESS Address: 0x82006DA0

Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 1392
EPROCESS Address: 0x81DC0770

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1416
EPROCESS Address: 0x81FEBA30

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1528
EPROCESS Address: 0x82095DA0

Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 1720
EPROCESS Address: 0x8219CDA0

Process: C:\WINDOWS\explorer.exe
Process Id: 1772
EPROCESS Address: 0x82074408

Process: C:\WINDOWS\SOUNDMAN.EXE
Process Id: 1872
EPROCESS Address: 0x8202CA30

Process: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Process Id: 1884
EPROCESS Address: 0x820CDA50

Process: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Process Id: 1916
EPROCESS Address: 0x81F98A00

Process: C:\WINDOWS\system32\rundll32.exe
Process Id: 1924
EPROCESS Address: 0x82028DA0

Process: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
Process Id: 1932
EPROCESS Address: 0x8202F9D8

Process: C:\Program Files\Java\jre6\bin\jusched.exe
Process Id: 1940
EPROCESS Address: 0x82109258

Process: C:\Program Files\ESET\ESET Smart Security\egui.exe
Process Id: 1952
EPROCESS Address: 0x82071888

Process: C:\WINDOWS\system32\ctfmon.exe
Process Id: 1960
EPROCESS Address: 0x820F91D0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1984
EPROCESS Address: 0x81E1E770

Process: C:\WINDOWS\system32\notepad.exe
Process Id: 2180
EPROCESS Address: 0x81FAA9A0

Process: C:\WINDOWS\system32\alg.exe
Process Id: 2664
EPROCESS Address: 0x815B1020

Process: D:\Program files\Mozilla Firefox\firefox.exe
Process Id: 3020
EPROCESS Address: 0x81526380

Process: C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Process Id: 3284
EPROCESS Address: 0x8196EB28

Process: C:\WINDOWS\system32\notepad.exe
Process Id: 3684
EPROCESS Address: 0x821B5A80

Process: C:\WINDOWS\system32\notepad.exe
Process Id: 3816
EPROCESS Address: 0x8214C788

Process: C:\RK\581bxeeaSuovGvam3.exe
Process Id: 3948
EPROCESS Address: 0x820C6020

==============================================
>Drivers
Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2059008 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2059008 bytes

Driver: RAW
Address: 0x804D7000
Size: 2059008 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2059008 bytes

Driver: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA44000
Size: 1916928 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1839104 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1839104 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF8251000
Size: 839680 bytes

Driver: C:\WINDOWS\system32\DRIVERS\eamon.sys
Address: 0xA2AEA000
Size: 835584 bytes

Driver: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xF6E9E000
Size: 593920 bytes

Driver: Ntfs.sys
Address: 0xF83AE000
Size: 577536 bytes

Driver: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFC18000
Size: 507904 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA2C96000
Size: 454656 bytes

Driver: C:\WINDOWS\system32\drivers\ALCXSENS.SYS
Address: 0xF6E1A000
Size: 393216 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA2DAF000
Size: 360448 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA2274000
Size: 339968 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA1E4B000
Size: 266240 bytes

Driver: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA0A000
Size: 237568 bytes

Driver: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D3000
Size: 225280 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6CA0000
Size: 212992 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF6CD4000
Size: 200704 bytes

Driver: ACPI.sys
Address: 0xF8536000
Size: 188416 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA23B7000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF8381000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA2D05000
Size: 180224 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA1CDF000
Size: 172032 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA2D53000
Size: 163840 bytes

Driver: dmio.sys
Address: 0xF84E0000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF6E7A000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\epfw.sys
Address: 0xA2A9F000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6F52000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6F2F000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA2D31000
Size: 139264 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA2D7B000
Size: 135168 bytes

Driver: ACPI_HAL
Address: 0x806CE000
Size: 131968 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806CE000
Size: 131968 bytes

Driver: fltMgr.sys
Address: 0xF8464000
Size: 126976 bytes

Driver: ftdisk.sys
Address: 0xF8506000
Size: 126976 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Address: 0xA2E5B000
Size: 118784 bytes

Driver: Mup.sys
Address: 0xF8366000
Size: 110592 bytes

Driver: viamraid.sys
Address: 0xF84AE000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xF84C8000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA2C7E000
Size: 98304 bytes

Driver: C:\WINDOWS\system32\drivers\SCSIPORT.SYS
Address: 0xF8496000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF843B000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6D3E000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA27BA000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF6DF5000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6F75000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
Address: 0xA2D9C000
Size: 77824 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA2E07000
Size: 77824 bytes

Driver: viasraid.sys
Address: 0xF8483000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C1000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF8452000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF8525000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6D2D000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
Address: 0xF6E09000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF87F5000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mf.sys
Address: 0xF8845000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF8895000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF88A5000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF87D5000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF8885000
Size: 61440 bytes

Driver: Lbd.sys
Address: 0xF86D5000
Size: 61440 bytes

Driver: ohci1394.sys
Address: 0xF8675000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF8875000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA2A37000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF8785000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF8685000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF8865000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF86C5000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF88B5000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF88D5000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF86A5000
Size: 53248 bytes

Driver: gagp30kx.sys
Address: 0xF86E5000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF8725000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
Address: 0xF88C5000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF8855000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF8695000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF8715000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF8775000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xF8835000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF8745000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF86B5000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF87C5000
Size: 36864 bytes

Driver: isapnp.sys
Address: 0xF8665000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\kardelia.SYS
Address: 0xA2967000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF8735000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF87B5000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF87A5000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF8A15000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF89BD000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF88E5000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF89B5000
Size: 28672 bytes

Driver: viaagp1.sys
Address: 0xF88F5000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF89CD000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF89C5000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF8A05000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF89F5000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xF89ED000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF8A0D000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF88ED000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF89DD000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF89E5000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF89D5000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF89AD000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF8A25000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF8B49000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA2AE6000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF8B25000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8A75000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA2EBC000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xF8B29000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF8B2D000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA2EF0000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8B87000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xF8B6B000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B95000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8B85000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8B65000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8B89000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF8C29000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8B8B000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF8B81000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF8B83000
Size: 8192 bytes

Driver: viaide.sys
Address: 0xF8B69000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF8B67000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF8CF1000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8D18000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8D2F000
Size: 4096 bytes

==============================================
>Stealth

Unknown page with executable code
Address: 0x81B3AB6E
Size: 1170

Unknown page with executable code
Address: 0x81B41F66
Size: 154

Unknown page with executable code
Address: 0x81926550
Size: 2736

Unknown page with executable code
Address: 0x81B3C4D5
Size: 2859

Hidden Image-->kbiwkmyspayvpa.dll [ EPROCESS 0x82074408 ] PID: 1772
Address: 0x10000000
Size: 28672

Hidden Image-->kbiwkmyspayvpa.dll [ EPROCESS 0x81526380 ] PID: 3020
Address: 0x01060000
Size: 28672

Unknown page with executable code
Address: 0xA2E1D1F2
Size: 3598

Hidden Image-->kbiwkmdxlvvkmt.dll [ EPROCESS 0x81FEBA30 ] PID: 1416
Address: 0x10000000
Size: 53248

Unknown thread object [ ETHREAD 0x81CAA958 ] TID: 560
Address: 0x81B395F0
Size: 600

Unknown thread object [ ETHREAD 0x81CC5B30 ] TID: 568
Address: 0x81927930
Size: 600
==============================================
>Files

Suspect File: C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys Status: Hidden


Suspect File: C:\WINDOWS\system32\kbiwkmdxlvvkmt.dll Status: Hidden


Suspect File: C:\WINDOWS\system32\kbiwkmluicoebf.dat Status: Hidden


Suspect File: C:\WINDOWS\system32\kbiwkmyspayvpa.dll Status: Hidden

==============================================
>Hooks

ntkrnlpa.exe+0x00069C2A, Type: Inline - RelativeJump 0x80540C2A [ntkrnlpa.exe]
ntkrnlpa.exe-->IofCallDriver, Type: Inline - RelativeJump 0x804EDE00 [unknown_code_page]
ntkrnlpa.exe-->IofCompleteRequest, Type: Inline - RelativeJump 0x804EDE90 [unknown_code_page]
ntkrnlpa.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x80619412 [unknown_code_page]
ntkrnlpa.exe-->NtFlushInstructionCache, Type: Inline - RelativeJump 0x805AA912 [unknown_code_page]
ntkrnlpa.exe-->NtSaveKey, Type: Inline - RelativeJump 0x8061707C [unknown_code_page]
ntkrnlpa.exe-->NtSaveKeyEx, Type: Inline - RelativeJump 0x8061710C [unknown_code_page]
[1772]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9161CA [unknown_code_page]
[468]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C810386 [unknown_code_page]

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in operating memory

#4 Post by sarzwest »

NOD still reports the same thing, and here is the report:

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.8.386.588
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
NtOpenProcess
Actual Address 0x81B78CB0
Hooked by: Unknown module filename
NtOpenThread
Actual Address 0x81B790D0
Hooked by: Unknown module filename
NtSuspendProcess
Actual Address 0x81B796D0
Hooked by: Unknown module filename
NtSuspendThread
Actual Address 0x81B794F0
Hooked by: Unknown module filename
NtTerminateProcess
Actual Address 0x81B78EE0
Hooked by: Unknown module filename
NtTerminateThread
Actual Address 0x81B79310
Hooked by: Unknown module filename
==============================================
>Shadow
==============================================
>Processes
Process: System
Process Id: 4
EPROCESS Address: 0x823CA7C0

Process: D:\Program files\Mozilla Firefox\firefox.exe
Process Id: 208
EPROCESS Address: 0x82131150

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 220
EPROCESS Address: 0x81814508

Process: C:\WINDOWS\system32\ctfmon.exe
Process Id: 232
EPROCESS Address: 0x81ADBDA0

Process: C:\Program Files\VIA\RAID\raid_tool.exe
Process Id: 272
EPROCESS Address: 0x818046C8

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 444
EPROCESS Address: 0x82010B10

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 460
EPROCESS Address: 0x81818020

Process: C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Process Id: 648
EPROCESS Address: 0x82013DA0

Process: C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
Process Id: 696
EPROCESS Address: 0x81F75DA0

Process: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
Process Id: 740
EPROCESS Address: 0x82012378

Process: C:\WINDOWS\system32\spoolsv.exe
Process Id: 804
EPROCESS Address: 0x81537348

Process: C:\Program Files\ICQ6Toolbar\ICQ Service.exe
Process Id: 904
EPROCESS Address: 0x81FBC908

Process: C:\Program Files\Java\jre6\bin\jqs.exe
Process Id: 916
EPROCESS Address: 0x821E7518

Process: C:\WINDOWS\system32\smss.exe
Process Id: 1024
EPROCESS Address: 0x81E33770

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1072
EPROCESS Address: 0x81F962E8

Process: C:\WINDOWS\system32\csrss.exe
Process Id: 1144
EPROCESS Address: 0x82045020

Process: C:\WINDOWS\system32\winlogon.exe
Process Id: 1168
EPROCESS Address: 0x820AF770

Process: C:\WINDOWS\system32\services.exe
Process Id: 1212
EPROCESS Address: 0x81E07770

Process: C:\WINDOWS\system32\lsass.exe
Process Id: 1224
EPROCESS Address: 0x81E04770

Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 1404
EPROCESS Address: 0x81DE7770

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1416
EPROCESS Address: 0x82114348

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 1532
EPROCESS Address: 0x81D1DB88

Process: C:\WINDOWS\system32\wuauclt.exe
Process Id: 1540
EPROCESS Address: 0x816609E8

Process: C:\WINDOWS\system32\ati2evxx.exe
Process Id: 1740
EPROCESS Address: 0x81619518

Process: C:\WINDOWS\explorer.exe
Process Id: 1796
EPROCESS Address: 0x81FC3290

Process: C:\WINDOWS\SOUNDMAN.EXE
Process Id: 1912
EPROCESS Address: 0x81FC2DA0

Process: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Process Id: 1920
EPROCESS Address: 0x81F9E250

Process: C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
Process Id: 1936
EPROCESS Address: 0x813C78B8

Process: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
Process Id: 1956
EPROCESS Address: 0x81FCA940

Process: C:\WINDOWS\system32\rundll32.exe
Process Id: 1988
EPROCESS Address: 0x81ADD640

Process: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
Process Id: 2000
EPROCESS Address: 0x820204C0

Process: C:\WINDOWS\system32\svchost.exe
Process Id: 2008
EPROCESS Address: 0x81B1F020

Process: C:\Program Files\Java\jre6\bin\jusched.exe
Process Id: 2032
EPROCESS Address: 0x8161B250

Process: C:\Program Files\ESET\ESET Smart Security\egui.exe
Process Id: 2036
EPROCESS Address: 0x81ADB020

Process: C:\WINDOWS\system32\alg.exe
Process Id: 2268
EPROCESS Address: 0x821784A8

Process: C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Process Id: 2828
EPROCESS Address: 0x817E97E0

Process: C:\WINDOWS\system32\wbem\unsecapp.exe
Process Id: 2948
EPROCESS Address: 0x817E5790

Process: C:\WINDOWS\system32\wscntfy.exe
Process Id: 2984
EPROCESS Address: 0x81ABCAE8

Process: C:\WINDOWS\system32\wbem\wmiprvse.exe
Process Id: 3056
EPROCESS Address: 0x817E0020

Process: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Process Id: 3108
EPROCESS Address: 0x82169380

Process: C:\RK\581bxeeaSuovGvam3.exe
Process Id: 3708
EPROCESS Address: 0x81AAAB28

==============================================
>Drivers
Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2059008 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2059008 bytes

Driver: RAW
Address: 0x804D7000
Size: 2059008 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2059008 bytes

Driver: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA44000
Size: 1916928 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1839104 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1839104 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF8251000
Size: 839680 bytes

Driver: C:\WINDOWS\system32\DRIVERS\eamon.sys
Address: 0xA2AEA000
Size: 835584 bytes

Driver: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xF8166000
Size: 593920 bytes

Driver: Ntfs.sys
Address: 0xF83AE000
Size: 577536 bytes

Driver: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFC18000
Size: 507904 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA2CB7000
Size: 454656 bytes

Driver: C:\WINDOWS\system32\drivers\ALCXSENS.SYS
Address: 0xF80E2000
Size: 393216 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA2DAF000
Size: 360448 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA2263000
Size: 339968 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA1D5F000
Size: 266240 bytes

Driver: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA0A000
Size: 237568 bytes

Driver: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D3000
Size: 225280 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF7F68000
Size: 212992 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF7FC4000
Size: 200704 bytes

Driver: ACPI.sys
Address: 0xF8536000
Size: 188416 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA23A6000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF8381000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA2D26000
Size: 180224 bytes

Driver: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA1C95000
Size: 172032 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA2D74000
Size: 163840 bytes

Driver: dmio.sys
Address: 0xF84E0000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF8142000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\epfw.sys
Address: 0xA2A9F000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF821A000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF81F7000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA2D52000
Size: 139264 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA2C96000
Size: 135168 bytes

Driver: ACPI_HAL
Address: 0x806CE000
Size: 131968 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806CE000
Size: 131968 bytes

Driver: fltMgr.sys
Address: 0xF8464000
Size: 126976 bytes

Driver: ftdisk.sys
Address: 0xF8506000
Size: 126976 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Address: 0xA2E5B000
Size: 118784 bytes

Driver: Mup.sys
Address: 0xF8366000
Size: 110592 bytes

Driver: viamraid.sys
Address: 0xF84AE000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xF84C8000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA2C7E000
Size: 98304 bytes

Driver: C:\WINDOWS\system32\drivers\SCSIPORT.SYS
Address: 0xF8496000
Size: 98304 bytes

Driver: KSecDD.sys
Address: 0xF843B000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF8006000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA2792000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF80BD000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF823D000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
Address: 0xA2D9C000
Size: 77824 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA2E07000
Size: 77824 bytes

Driver: viasraid.sys
Address: 0xF8483000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C1000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF8452000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF8525000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF7FF5000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
Address: 0xF80D1000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF8845000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mf.sys
Address: 0xF8895000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF8715000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF8725000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF8825000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF88D5000
Size: 61440 bytes

Driver: Lbd.sys
Address: 0xF86D5000
Size: 61440 bytes

Driver: ohci1394.sys
Address: 0xF8675000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\qivgo.sys
Address: 0xA2F88000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF88C5000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF803D000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF87D5000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF8685000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF88B5000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF86C5000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF8735000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF8755000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF86A5000
Size: 53248 bytes

Driver: gagp30kx.sys
Address: 0xF86E5000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF8775000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
Address: 0xF8745000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF88A5000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF8695000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF8765000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF87C5000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xF8885000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF8795000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF86B5000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF8805000
Size: 36864 bytes

Driver: isapnp.sys
Address: 0xF8665000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\kardelia.SYS
Address: 0xA24D5000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF8785000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF87F5000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF8815000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF8A2D000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF89D5000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF88E5000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF89CD000
Size: 28672 bytes

Driver: viaagp1.sys
Address: 0xF88F5000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF89E5000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF89DD000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF8A1D000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF8A0D000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xF8A05000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF8A25000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF88ED000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF89F5000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF89FD000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF89ED000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF89C5000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF8A35000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF8B51000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA2BD2000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF8B2D000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8A75000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA2ECC000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xF8B31000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF8B35000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA2EF4000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8B91000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xF8B6B000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B97000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8B8F000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8B65000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8B93000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF8B75000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8B95000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF8B83000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF8B85000
Size: 8192 bytes

Driver: viaide.sys
Address: 0xF8B69000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF8B67000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF8D40000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8D43000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8D7C000
Size: 4096 bytes

==============================================
>Stealth

Unknown page with executable code
Address: 0x81BA0B6E
Size: 1170

Unknown page with executable code
Address: 0x81BA7F66
Size: 154

Unknown page with executable code
Address: 0x81B76550
Size: 2736

Unknown page with executable code
Address: 0x81BA24D5
Size: 2859

Hidden Image-->kbiwkmyspayvpa.dll [ EPROCESS 0x81FC3290 ] PID: 1796
Address: 0x10000000
Size: 28672

Hidden Image-->kbiwkmyspayvpa.dll [ EPROCESS 0x82131150 ] PID: 208
Address: 0x01060000
Size: 28672

Unknown page with executable code
Address: 0xA2E1D1F2
Size: 3598

Hidden Image-->kbiwkmdxlvvkmt.dll [ EPROCESS 0x82114348 ] PID: 1416
Address: 0x10000000
Size: 53248

Unknown thread object [ ETHREAD 0x81DB3748 ] TID: 560
Address: 0x81B9F5F0
Size: 600

Unknown thread object [ ETHREAD 0x821F05B0 ] TID: 568
Address: 0x81B77930
Size: 600
==============================================
>Files

Suspect File: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb::$DATA Status: Hidden


Suspect File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log::$DATA Status: Hidden


Suspect File: C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys Status: Hidden


Suspect File: C:\WINDOWS\system32\kbiwkmdxlvvkmt.dll Status: Hidden


Suspect File: C:\WINDOWS\system32\kbiwkmluicoebf.dat Status: Hidden


Suspect File: C:\WINDOWS\system32\kbiwkmyspayvpa.dll Status: Hidden

==============================================
>Hooks

ntkrnlpa.exe+0x00069C2A, Type: Inline - RelativeJump 0x80540C2A [ntkrnlpa.exe]
ntkrnlpa.exe-->IofCallDriver, Type: Inline - RelativeJump 0x804EDE00 [unknown_code_page]
ntkrnlpa.exe-->IofCompleteRequest, Type: Inline - RelativeJump 0x804EDE90 [unknown_code_page]
ntkrnlpa.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x80619412 [unknown_code_page]
ntkrnlpa.exe-->NtFlushInstructionCache, Type: Inline - RelativeJump 0x805AA912 [unknown_code_page]
ntkrnlpa.exe-->NtSaveKey, Type: Inline - RelativeJump 0x8061707C [unknown_code_page]
ntkrnlpa.exe-->NtSaveKeyEx, Type: Inline - RelativeJump 0x8061710C [unknown_code_page]
[1796]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9161CA [unknown_code_page]
[648]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C810386 [unknown_code_page]

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#5 Post by sarzwest »

here is the log from Avenger (I pasted that script in there again).

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys" deleted successfully.
File "C:\WINDOWS\system32\kbiwkmdxlvvkmt.dll" deleted successfully.
File "C:\WINDOWS\system32\kbiwkmluicoebf.dat" deleted successfully.
File "C:\WINDOWS\system32\kbiwkmyspayvpa.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#6 Post by sarzwest »

here is the log from Gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-30 12:14:29
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TOMBAB~1\LOCALS~1\Temp\pwqoipoc.sys


---- System - GMER 1.0.15 ----

Code 8207C770 ZwEnumerateKey
Code 8207C490 ZwFlushInstructionCache
Code 820813B6 ZwSaveKey
Code 8207CA7E ZwSaveKeyEx
Code 8208148E IofCallDriver
Code 82082856 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:568] 81B26930

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys (*** hidden *** ) [SYSTEM] kbiwkmotvcjgid <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


log from OTL.txt
OTL logfile created on: 30.1.2010 12:56:45 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Tomba Bomba\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 91,00 Mb Available Physical Memory | 18,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 64,15 Gb Free Space | 27,55% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 18,01 Gb Free Space | 16,11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 448,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,89 Gb Total Space | 0,27 Gb Free Space | 6,96% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JI-9071C58F5DF0
Current User Name: Tomba Bomba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.30 12:55:16 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomba Bomba\Plocha\OTL.exe
PRC - [2010.01.30 01:05:34 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.01.30 01:05:33 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.01.12 23:09:23 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010.01.12 23:09:23 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2010.01.07 19:56:28 | 00,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program files\Mozilla Firefox\firefox.exe
PRC - [2009.12.15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\gmer.exe
PRC - [2009.11.16 09:04:30 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.11.16 09:03:32 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.10.29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.08.16 14:01:16 | 00,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2007.03.11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006.06.15 12:36:18 | 00,229,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006.06.05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2004.08.17 15:49:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004.08.17 15:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.04.22 06:56:04 | 00,397,312 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004.04.21 21:10:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2004.01.08 19:54:06 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003.07.31 06:59:14 | 00,561,152 | R--- | M] (VIA) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2001.10.25 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010.01.30 12:55:16 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomba Bomba\Plocha\OTL.exe
MOD - [2004.08.17 15:48:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.01.30 01:05:33 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.01.12 23:09:23 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.11.16 09:12:54 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 09:04:30 | 00,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.10.29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.08.16 14:01:16 | 00,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.03.11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006.10.30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.06.05 13:59:18 | 00,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004.04.22 06:56:04 | 00,397,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004.04.21 21:10:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (alig)
DRV - [2009.11.16 09:06:48 | 00,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.11.16 09:06:44 | 00,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.11.16 09:03:36 | 00,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 08:56:12 | 00,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.23 13:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.09.23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.06.19 08:10:40 | 00,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2007.03.19 17:18:12 | 00,104,064 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid)
DRV - [2006.05.29 08:26:38 | 00,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.05.29 08:26:36 | 00,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.05.29 08:26:36 | 00,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2004.08.17 15:57:28 | 00,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004.08.04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.07.17 11:36:38 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004.04.22 07:11:06 | 00,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.01.09 16:17:02 | 00,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.12.31 04:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.12.11 16:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.07.01 21:42:00 | 00,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003.06.12 11:31:46 | 00,075,904 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viasraid.sys -- (viasraid)
DRV - [2001.10.25 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1637723038-839522115-1005\S-1-5-21-790525478-1637723038-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Program files\Mozilla Firefox\components [2010.01.11 22:36:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Program files\Mozilla Firefox\plugins [2010.01.07 19:56:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.01.25 15:26:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.01.29 14:01:17 | 00,000,000 | ---D | M]

[2010.01.03 13:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Mozilla\Extensions
[2010.01.03 13:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Mozilla\Firefox\Profiles\uarfas5k.default\extensions
[2010.01.29 10:13:44 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Mozilla\Firefox\Profiles\uarfas5k.default\searchplugins\icq-search.xml
[2008.03.31 09:52:00 | 00,000,168 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Mozilla\Firefox\Profiles\uarfas5k.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Mozilla\Firefox\Profiles\uarfas5k.default\searchplugins\icqplugin.src

O1 HOSTS File: ([2001.10.25 14:00:00 | 00,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1637723038-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.02 19:27:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 16:14:39 | 00,000,040 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.01.02 19:26:52 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.at3 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm ()
Drivers32: msacm.CoreFLAC_ACM - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm ()
Drivers32: msacm.divxa32 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.imc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\imc32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\Program Files\ACE Mega CoDecS Pack\SystemS\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Program Files\ACE Mega CoDecS Pack\SystemS\lameacm.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Program Files\ACE Mega CoDecS Pack\SystemS\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.pcdv - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm (Canopus Co., Ltd.)
Drivers32: msacm.qmpeg - C:\Program Files\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm (QDesign Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\Program Files\ACE Mega CoDecS Pack\SystemS\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\Program Files\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.aas4 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)
Drivers32: vidc.aasc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\aasc32.dll (Autodesk, Inc.)
Drivers32: vidc.advj - C:\Program Files\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)
Drivers32: vidc.advs - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Adaptec\dvc.dll (Adaptec)
Drivers32: vidc.aflc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.afli - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll (Autodesk, Inc.)
Drivers32: vidc.ap41 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
Drivers32: vidc.asv1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll ()
Drivers32: vidc.asv2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()
Drivers32: vidc.asvx - C:\Program Files\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll ()
Drivers32: vidc.avi1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
Drivers32: vidc.avi2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
Drivers32: vidc.avrn - C:\Program Files\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll (Avid Technology, Inc)
Drivers32: vidc.bt20 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)
Drivers32: vidc.cdvc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Canopus\csccdvc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cram - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.cscd - C:\Program Files\ACE Mega CoDecS Pack\SystemS\camcodec.dll (RenderSoft Software.)
Drivers32: vidc.cvid - C:\Program Files\ACE Mega CoDecS Pack\SystemS\iccvid.dll (Compression Technologies, Inc.)
Drivers32: vidc.davc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll (dicas)
Drivers32: vidc.dcap - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)
Drivers32: vidc.dcmj - C:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcmjpg32.dll (MainConcept)
Drivers32: vidc.ddvc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Canopus\cscdvsd.dll (Canopus Co., Ltd.)
Drivers32: vidc.div3 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
Drivers32: vidc.div4 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
Drivers32: vidc.div5 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
Drivers32: vidc.div6 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32f.dll (Hacked with Joy !)
Drivers32: vidc.divx - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\DivX520.dll (DivXNetworks, Inc.)
Drivers32: vidc.dmb2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
Drivers32: vidc.dv25 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.dv50 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.dvc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
Drivers32: vidc.dvcp - C:\Program Files\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)
Drivers32: vidc.dvcs - C:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
Drivers32: vidc.dvsd - C:\Program Files\ACE Mega CoDecS Pack\SystemS\MainConcept\mcdvd_32.dll (MainConcept)
Drivers32: vidc.dvx4 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\DivX4.dll (DivXNetworks, Inc.)
Drivers32: vidc.em2v - C:\Program Files\ACE Mega CoDecS Pack\SystemS\etxcodec.dll (Etymonix Inc.)
Drivers32: vidc.frwa - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll (Darim Vision Co.)
Drivers32: vidc.frwd - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)
Drivers32: vidc.frwt - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll (Darim Vision Co.)
Drivers32: vidc.frwu - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll (Darim Vision Co.)
Drivers32: vidc.gepj - C:\Program Files\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
Drivers32: vidc.glzw - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Gabest\glzw.dll (Gabest)
Drivers32: vidc.gpeg - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Gabest\gpeg.dll (Gabest)
Drivers32: vidc.gpjm - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)
Drivers32: vidc.hfyu - C:\Program Files\ACE Mega CoDecS Pack\SystemS\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv (Microsoft Corporation)
Drivers32: vidc.ipdv - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
Drivers32: vidc.ir21 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()
Drivers32: vidc.iv30 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv31 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv33 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv34 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv35 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv36 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv37 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv38 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv39 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll ()
Drivers32: vidc.iv40 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv41 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv42 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv43 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv44 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv45 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv46 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv47 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv48 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv49 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.lead - C:\Program Files\ACE Mega CoDecS Pack\SystemS\LEAD\lcodccmp.dll (LEAD Technologies, Inc.)
Drivers32: vidc.m261 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv (Microsoft Corporation)
Drivers32: vidc.m263 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv (Microsoft Corporation)
Drivers32: vidc.miro - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll (Pinnacle Systems)
Drivers32: vidc.mjpa - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll (Pinnacle Systems)
Drivers32: vidc.mjpx - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mkvc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll ()
Drivers32: vidc.mmes - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mmjp - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mp41 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mp42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mp4s - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mp4v - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll ()
Drivers32: vidc.mpg3 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\DivX\divxc32.dll (Hacked with Joy !)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msmc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.msvc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.mszh - C:\Program Files\ACE Mega CoDecS Pack\SystemS\avimszh.dll ()
Drivers32: vidc.mtx1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx3 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx4 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx5 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx6 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx7 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx8 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mtx9 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Matrox\digivcap.dll (Matrox Electronic Systems)
Drivers32: vidc.mwv1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll (Aware Inc.)
Drivers32: vidc.nt00 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll (NewTek, Inc)
Drivers32: vidc.pdvc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
Drivers32: vidc.pim1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll (Pinnacle Systems)
Drivers32: vidc.pimj - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll (Pegasus Imaging Corporation)
Drivers32: vidc.png1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll ()
Drivers32: vidc.pvw2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll (Pegasus Imaging Corporation)
Drivers32: vidc.q1.0 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)
Drivers32: vidc.qpeg - C:\Program Files\ACE Mega CoDecS Pack\SystemS\qpeg32.dll (Q-Team Dr. Knabe GmbH, Korschenbroich, Germany)
Drivers32: vidc.rmp4 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll ()
Drivers32: vidc.rt21 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\ir21_r.dll ()
Drivers32: vidc.rud0 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll (nico)
Drivers32: vidc.s422 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll ()
Drivers32: vidc.sjpg - C:\Program Files\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
Drivers32: vidc.sony - C:\Program Files\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll (Sony Corporation)
Drivers32: vidc.t420 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Program Files\ACE Mega CoDecS Pack\SystemS\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.uyvy - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vcr1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll (ATI Technologies, Inc.)
Drivers32: vidc.vcr2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll (ATI Technologies, Inc.)
Drivers32: vidc.vifp - C:\Program Files\ACE Mega CoDecS Pack\SystemS\vfcodec.dll ()
Drivers32: vidc.vixl - C:\Program Files\ACE Mega CoDecS Pack\SystemS\MIRO\miroxl32.dll (Pinnacle Systems)
Drivers32: vidc.vp30 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)
Drivers32: vidc.vp31 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll (On2.com)
Drivers32: vidc.vp60 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll (On2.com)
Drivers32: vidc.vssv - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll (Vanguard Software Solutions, Inc.)
Drivers32: vidc.wmv3 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.wnv1 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll (Winnov)
Drivers32: vidc.wrpr - C:\Program Files\ACE Mega CoDecS Pack\SystemS\aviwrap.dll ()
Drivers32: vidc.xvid - C:\Program Files\ACE Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll ()
Drivers32: vidc.y411 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.y41p - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv (Brooktree Corporation)
Drivers32: vidc.yuy2 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\ATI\atiyuv12.dll ()
Drivers32: vidc.yvu9 - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Intel\iyvu9_32.dll ()
Drivers32: vidc.yvyu - C:\Program Files\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.zlib - C:\Program Files\ACE Mega CoDecS Pack\SystemS\avizlib.dll ()

CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 7 Days ==========

[2010.01.30 12:55:12 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tomba Bomba\Plocha\OTL.exe
[2010.01.30 11:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
[2010.01.30 11:21:44 | 00,000,000 | ---D | C] -- C:\Avenger
[2010.01.30 10:49:43 | 00,692,210 | ---- | C] (UG North ) -- C:\Documents and Settings\Tomba Bomba\Plocha\RkU3.8.386.588.exe
[2010.01.30 10:49:43 | 00,000,000 | ---D | C] -- C:\RK
[2010.01.30 10:19:08 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.30 10:07:09 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.01.30 10:06:54 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tomba Bomba\Plocha\HJTInstall.exe
[2010.01.30 09:57:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.01.30 01:05:54 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.01.30 01:04:58 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010.01.30 01:04:34 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.01.30 01:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
[2010.01.29 14:08:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\U3
[2010.01.29 14:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.01.29 13:57:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Dokumenty\The KMPlayer
[2010.01.29 13:19:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Printer Info Cache
[2010.01.29 13:19:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Image Zone Express
[2010.01.29 13:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Dokumenty\Moje naskenované obrázky
[2010.01.29 13:11:13 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Tomba Bomba\UserData
[2010.01.29 13:09:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\HP
[2010.01.29 12:23:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Plocha\TOP SYKRIT
[2010.01.29 12:10:44 | 00,000,000 | ---D | C] -- C:\Program Files\RapidDown
[2010.01.29 12:01:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Plocha\Programy ke spuštění
[2010.01.29 11:55:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Dokumenty\Stažené soubory
[2010.01.29 10:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Macromedia
[2010.01.29 10:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Adobe
[2010.01.29 10:12:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\PC Suite
[2010.01.25 20:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.01.25 20:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.01.25 20:57:19 | 00,000,000 | ---D | C] -- C:\Program Files\ICQ6.5
[2010.01.25 12:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010.01.24 12:47:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.01.17 21:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.01.02 19:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.01.02 19:27:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2010.01.02 19:27:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[1999.04.07 18:39:18 | 00,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998.12.09 02:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998.12.09 02:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998.12.09 02:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998.12.09 02:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998.12.09 02:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.30 12:55:16 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomba Bomba\Plocha\OTL.exe
[2010.01.30 12:09:23 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\gmer.zip
[2010.01.30 11:56:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.01.30 11:56:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.01.30 11:56:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.01.30 11:56:40 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.01.30 11:56:40 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.01.30 11:55:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.30 11:55:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.30 11:55:24 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.30 11:54:19 | 01,572,864 | -H-- | M] () -- C:\Documents and Settings\Tomba Bomba\NTUSER.DAT
[2010.01.30 11:54:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Tomba Bomba\ntuser.ini
[2010.01.30 11:46:21 | 00,000,244 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\autorun.zip
[2010.01.30 11:25:47 | 04,325,346 | -H-- | M] () -- C:\Documents and Settings\Tomba Bomba\Local Settings\Data aplikací\IconCache.db
[2010.01.30 11:19:07 | 00,731,136 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\avenger.exe
[2010.01.30 10:49:09 | 00,601,484 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\RkU3.8.386.588.rar
[2010.01.30 10:18:33 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\RSIT.exe
[2010.01.30 10:07:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\HijackThis.lnk
[2010.01.30 10:06:55 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tomba Bomba\Plocha\HJTInstall.exe
[2010.01.30 01:05:43 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.01.30 01:04:56 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.01.29 13:28:58 | 50,676,687 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\eset-smart-security-v4-0-474-100-works-licence-64bit-cz.rar
[2010.01.29 12:31:11 | 47,127,438 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Plocha\eset-smart-security-v4-0-474-100-works-licence-32bit-cz.rar
[2010.01.29 12:10:17 | 00,020,408 | ---- | M] () -- C:\Documents and Settings\Tomba Bomba\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.30 12:12:07 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\gmer.exe
[2010.01.30 12:09:21 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\gmer.zip
[2010.01.30 11:46:20 | 00,000,244 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\autorun.zip
[2010.01.30 11:18:57 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\avenger.exe
[2010.01.30 10:49:03 | 00,601,484 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\RkU3.8.386.588.rar
[2010.01.30 10:18:31 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\RSIT.exe
[2010.01.30 10:07:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\HijackThis.lnk
[2010.01.30 09:59:21 | 53,639,9872 | -HS- | C] () -- C:\hiberfil.sys
[2010.01.30 02:24:46 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.01.30 01:07:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.01.30 01:07:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.01.30 01:07:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.01.30 01:07:13 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.01.30 01:07:11 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.01.30 01:04:56 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.01.29 13:22:01 | 50,676,687 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\eset-smart-security-v4-0-474-100-works-licence-64bit-cz.rar
[2010.01.29 12:24:48 | 47,127,438 | ---- | C] () -- C:\Documents and Settings\Tomba Bomba\Plocha\eset-smart-security-v4-0-474-100-works-licence-32bit-cz.rar
[2010.01.06 22:43:14 | 00,079,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.01.04 18:40:40 | 00,000,283 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2010.01.03 17:32:28 | 00,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.03 17:32:27 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010.01.03 17:32:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010.01.03 17:14:32 | 00,000,761 | ---- | C] () -- C:\WINDOWS\m3jp2k.ini
[2010.01.03 17:14:32 | 00,000,702 | ---- | C] () -- C:\WINDOWS\mmtvmj.ini
[2010.01.03 17:14:31 | 00,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2010.01.03 17:14:27 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2010.01.03 17:14:26 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.03 17:14:24 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.02 19:36:21 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010.01.02 19:36:20 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.12.07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004.08.17 15:49:10 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.07.17 11:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.04.22 06:58:26 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1999.01.22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010.01.12 22:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2010.01.03 13:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.01.25 20:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.01.12 22:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.01.15 21:42:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2010.01.30 01:05:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010.01.12 22:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\Datalayer
[2010.01.03 19:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\ESET
[2010.01.25 20:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\ICQ
[2010.01.12 22:40:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\Nokia
[2010.01.12 22:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\PC Suite
[2010.01.17 21:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\Publish Providers
[2010.01.17 21:37:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\Sony
[2010.01.06 22:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\Sony Setup
[2010.01.05 17:46:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Milda\Data aplikací\Thunderbird
[2010.01.03 15:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\DAEMON Tools
[2010.01.03 13:41:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\ESET
[2010.01.02 19:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\GHISLER
[2010.01.29 13:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Image Zone Express
[2010.01.29 10:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\PC Suite
[2010.01.29 13:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Printer Info Cache
[2010.01.03 17:31:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomba Bomba\Data aplikací\Thunderbird
[2010.01.03 15:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Táta\Data aplikací\ESET
[2010.01.03 17:07:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Táta\Data aplikací\GHISLER
[2010.01.04 18:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Táta\Data aplikací\Image Zone Express
[2010.01.13 07:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Táta\Data aplikací\PC Suite
[2010.01.04 18:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Táta\Data aplikací\Printer Info Cache
[2010.01.03 16:53:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Táta\Data aplikací\Thunderbird
[2010.01.30 11:56:40 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010.01.30 11:56:40 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010.01.30 11:56:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010.01.30 11:56:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010.01.30 11:56:41 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 00,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2010.01.02 20:04:49 | 18,786,869 | ---- | M] () .cab file -- C:\C_\5c17bb43649c14c1288a67fdd0\i386\sp2.cab:AGP440.sys
[2010.01.02 20:14:14 | 18,786,869 | ---- | M] () .cab file -- C:\C_\dbd5104248c251ed6b9bc048\i386\sp2.cab:AGP440.sys
[2010.01.03 17:45:34 | 18,786,869 | ---- | M] () .cab file -- C:\C_\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 15:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2010.01.02 20:04:49 | 18,786,869 | ---- | M] () .cab file -- C:\C_\5c17bb43649c14c1288a67fdd0\i386\sp2.cab:atapi.sys
[2010.01.02 20:14:14 | 18,786,869 | ---- | M] () .cab file -- C:\C_\dbd5104248c251ed6b9bc048\i386\sp2.cab:atapi.sys
[2010.01.03 17:45:34 | 18,786,869 | ---- | M] () .cab file -- C:\C_\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.17 15:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2010.01.03 17:43:50 | 01,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\C_\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 01,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2010.01.02 20:04:49 | 18,786,869 | ---- | M] () .cab file -- C:\C_\5c17bb43649c14c1288a67fdd0\i386\sp2.cab:hal.dll
[2010.01.02 20:14:14 | 18,786,869 | ---- | M] () .cab file -- C:\C_\dbd5104248c251ed6b9bc048\i386\sp2.cab:hal.dll
[2010.01.03 17:45:34 | 18,786,869 | ---- | M] () .cab file -- C:\C_\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.17 15:57:28 | 18,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:10 | 00,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 00,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 00,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 00,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 00,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2010.01.02 20:18:43 | 00,481,792 | ---- | M] (Microsoft Corporation) MD5=CB56F803D2CAF6B3F32E82D2F73F4B3A -- C:\C_\dbd5104248c251ed6b9bc048\i386\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 00,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.03 23:14:42 | 00,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2007.03.19 17:18:12 | 00,104,064 | ---- | M] (VIA Technologies inc,.ltd) MD5=85E9421C8A99D1291B43B9B59A669AC3 -- C:\WINDOWS\OemDir\viamraid.sys
[2007.03.19 17:18:12 | 00,104,064 | ---- | M] (VIA Technologies inc,.ltd) MD5=85E9421C8A99D1291B43B9B59A669AC3 -- C:\WINDOWS\system32\drivers\viamraid.sys

< MD5 for: VIASRAID.SYS >
[2003.06.12 11:31:46 | 00,075,904 | R--- | M] (VIA Technologies inc,.ltd) MD5=1493F351E5A4B915FB5BBB735C14004B -- C:\WINDOWS\system32\drivers\viasraid.sys

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 00,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 00,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
Attachments
gmerFULLlog.rar
(1.17 KiB) Downloaded 79 times
Extras.rar
OTL log
(5.74 KiB) Downloaded 84 times

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#7 Post by sarzwest »

I forgot to add that when I scanned with GMER there were 2 files (I no longer remember which) written in red together with their path; the files were in the directory C:/windows/system32/drivers.

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#8 Post by sarzwest »

Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "kbiwkmotvcjgid" deleted successfully.
File "C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys" deleted successfully.
File "C:\WINDOWS\system32\kbiwkmdxlvvkmt.dll" deleted successfully.
File "C:\WINDOWS\system32\kbiwkmluicoebf.dat" deleted successfully.
File "C:\WINDOWS\system32\kbiwkmyspayvpa.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
GMER quick scan:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-30 13:29:42
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TOMBAB~1\LOCALS~1\Temp\pwqoipoc.sys


---- System - GMER 1.0.15 ----

Code 820AC628 ZwEnumerateKey
Code 820ABE20 ZwFlushInstructionCache
Code 820B70BE ZwSaveKey
Code 820B3E2E ZwSaveKeyEx
Code 820BD66E IofCallDriver
Code 820BD7E6 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:568] 81921930

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys (*** hidden *** ) [SYSTEM] kbiwkmotvcjgid <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
The line I marked in red was red in GMER too, and it said "warning GMER has found system modification, which might have been caused by ROOTKIT activity" and asked whether I want to start a full scan; ESET still reports the same thing.

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#9 Post by sarzwest »

MBAM full scan:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3657
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

30.1.2010 14:36:07
mbam-log-2010-01-30 (14-35-56).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 184418
Uplynulý čas: 34 minute(s), 42 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Milda\Local Settings\Temp\eqvohyuqst.tmp (Rootkit.TDSS) -> No action taken.
C:\C_\Documents and Settings\Tomba Bomba\Dokumenty\My Completed Downloads\Rapget.RS_Public_v0.9.7.8_cz.exe (Spyware.OnlineGames) -> No action taken.
C:\C_\Documents and Settings\Tomba Bomba\Plocha\navigator\Rapget\Rapget.RS_Premium_v1.0.1.1_cz.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\kbiwkmdxlvvkmt.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\kbiwkmyspayvpa.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\kbiwkmluicoebf.dat (Rootkit.TDSS) -> No action taken.

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#10 Post by sarzwest »

How do I find out whether agp440.sys is in the folder C:\WINDOWS\system32\drivers\atapi.sys?

Log from GMER (still one line in red):
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-30 14:53:01
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TOMBAB~1\LOCALS~1\Temp\pwqoipoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:572] 81B61930

---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmqbrntoql.sys (*** hidden *** ) [SYSTEM] kbiwkmotvcjgid <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#11 Post by sarzwest »

I don't have the file agp440.sys in c:/windows/system32/drivers, and that line can't be deleted because the program could not find the specified path...

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#12 Post by sarzwest »

fix
========== FILES ==========
AGP440.sys extracted to C:\
atapi.sys extracted to C:\

OTL by OldTimer - Version 3.1.27.0 log created on 01302010_154713
Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\kbiwkmotvcjgid" not found!
Deletion of driver "kbiwkmotvcjgid" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys" not found!
Replacement with dummy of file "C:\WINDOWS\system32\drivers\kbiwkmqbrntoql.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\kbiwkmdxlvvkmt.dll" not found!
Replacement with dummy of file "C:\WINDOWS\system32\kbiwkmdxlvvkmt.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\kbiwkmluicoebf.dat" not found!
Replacement with dummy of file "C:\WINDOWS\system32\kbiwkmluicoebf.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\kbiwkmyspayvpa.dll" not found!
Replacement with dummy of file "C:\WINDOWS\system32\kbiwkmyspayvpa.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\Milda\Local Settings\Temp\eqvohyuqst.tmp" not found!
Replacement with dummy of file "C:\Documents and Settings\Milda\Local Settings\Temp\eqvohyuqst.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\SYSTEM\ControlSet001\Services\kbiwkmotvcjgid" not found!
Replacement with dummy of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmotvcjgid" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\SYSTEM\ControlSet002\Services\kbiwkmotvcjgid" not found!
Replacement with dummy of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmotvcjgid" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\SYSTEM\CurrentControlSet\Services\kbiwkmotvcjgid" not found!
Replacement with dummy of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbiwkmotvcjgid" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File move operation "C:\AGP440.sys|C:\WINDOWS\system32\drivers\AGP440.sys" completed successfully.
File move operation "C:\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
C:/C_: some time ago I reinstalled Windows, so I copied the whole C drive to a notebook and then back again; when I need something from the old machine I take it from there, and once I'm sure I don't need anything from it I'll delete it.
MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
MBR log 2:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#13 Post by sarzwest »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-30 16:11:47
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\TOMBAB~1\LOCALS~1\Temp\pwqoipoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:572] 81B82930

---- EOF - GMER 1.0.15 ----
You're welcome.

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#14 Post by sarzwest »

I have a question: how does one get the kind of experience with viruses that you have? :)

sarzwest
Visitor
Posts: 18
Registered: 29 Jan 2010 10:13

Re: win32/olmarik in memory

#15 Post by sarzwest »

The scan has finished, but I accidentally didn't save it... nothing was in red. I'll run it again, but I think everything is fine now. I can hardly believe you managed it, because at first it looked to me like it wouldn't work without formatting... Thank you very much for sacrificing a whole day for someone you don't even know... and the way you write those scripts, hats off too!
